What is the "Lack of Security Headers: Cache-Control for a Non-Sensitive Page" Vulnerability?

Cache-Control is an HTTP header used in both client requests and server responses to define caching policy. The policy specifies whether a resource may be cached, where it may be stored (only in the user's browser, or also in shared caches such as proxies and CDNs), and how long it stays fresh before it expires (its time to live).

The Cache-Control header is made up of directives; the most common ones are listed below:

Max-Age Cache-Control

The max-age directive specifies, in seconds, how long a cached copy of a resource stays fresh. Once the copy expires, a browser must refresh it by sending another request to the server.

For example, Cache-Control: max-age=120 indicates that the retrieved resource is fresh for 120 seconds, after which the browser must request a newer version.

No-Cache Cache-Control
The no-cache directive specifies that a browser may store a response but must send a validation request to the origin server before reusing it.

No-Store Cache-Control
The no-store directive forbids browsers (and any other cache) from storing the response at all; it must be fetched from the server each time it is requested. This directive is typically used for sensitive data, such as personal financial information.

Public Cache-Control
The public response directive states that a resource may be stored by any cache, including shared caches such as proxies and CDNs.

Private Cache-Control
The private response directive states that a resource is specific to one user: it can still be cached, but only on that user's client device. A private web page response, for example, can be cached by a desktop browser but not by a content delivery network (CDN).
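The following Python script is an added example, not code from the original page or from ZOFixer, that turns the directives above into the decision a cache would make: it parses a Cache-Control value, applies the precedence the page describes (no-store wins outright, private blocks shared caches, no-cache forces validation before reuse, max-age overrides the Expires header discussed further down) and computes the freshness lifetime. The `CachePolicy` fields and the `evaluate_policy` helper are names chosen for this example, and the sample responses are constructed. A response with no Cache-Control at all, the situation the page's title refers to, comes out as storable by any cache with no explicit lifetime, leaving the decision to each cache's own heuristics.

```python
"""Evaluate what a response's Cache-Control, Expires and Date headers allow a cache to do.

Hypothetical helper written for this page; not part of any project or library.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from typing import Dict, Optional


def parse_cache_control(value: str) -> Dict[str, Optional[str]]:
    """Split 'max-age=120, private, no-cache' into
    {'max-age': '120', 'private': None, 'no-cache': None}.

    Directive names are case-insensitive, so they are lower-cased; a quoted
    argument has its quotes stripped.
    """
    directives: Dict[str, Optional[str]] = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') if arg else None
    return directives


@dataclass
class CachePolicy:
    storable: bool                    # may any cache keep a copy at all? (False only for no-store)
    shared_cacheable: bool            # may a shared cache (proxy, CDN) keep it? (False for private)
    revalidate_before_reuse: bool     # no-cache: a stored copy must be validated before each reuse
    freshness_seconds: Optional[int]  # explicit lifetime; None means the response set none and
                                      # caches may fall back to their own heuristics


def evaluate_policy(headers: Dict[str, str]) -> CachePolicy:
    """Derive the effective policy from response headers (names compared case-insensitively)."""
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control", ""))

    if "no-store" in cc:
        # no-store overrides every other directive: nothing may be written to any cache
        return CachePolicy(False, False, False, 0)

    freshness: Optional[int] = None
    max_age = cc.get("max-age")
    if max_age is not None and max_age.isdigit():
        # max-age takes precedence over Expires when both are present
        freshness = int(max_age)
    elif "expires" in h:
        try:
            expires = parsedate_to_datetime(h["expires"])
            # freshness is measured from the response's own Date header, or from "now" without one
            date = parsedate_to_datetime(h["date"]) if "date" in h else datetime.now(timezone.utc)
            freshness = max(0, int((expires - date).total_seconds()))
        except (TypeError, ValueError):
            freshness = 0  # an unparsable Expires value means "already expired"

    return CachePolicy(
        storable=True,
        shared_cacheable="private" not in cc,
        revalidate_before_reuse="no-cache" in cc,
        freshness_seconds=freshness,
    )


if __name__ == "__main__":
    # Constructed sample responses, not captured from any real server.
    samples = {
        "public page":    {"Cache-Control": "public, max-age=120"},
        "account page":   {"Cache-Control": "private, no-cache"},
        "bank statement": {"Cache-Control": "no-store"},
        "legacy page":    {"Date": "Sat, 13 May 2017 06:00:00 GMT",
                           "Expires": "Sat, 13 May 2017 07:00:00 GMT"},
        "no headers":     {},
    }
    for name, hdrs in samples.items():
        print(f"{name:14s} -> {evaluate_policy(hdrs)}")
```

Running the script prints one policy per sample; the "legacy page" case shows the Expires fallback yielding a 3600-second lifetime, while adding max-age=60 to the same headers would make that value win.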

Additional HTTP Cache Headers

Aside from Cache-Control, the other important HTTP cache headers are:

  • Expires — This header sets a specific date/time at which a cached resource expires. Expires: Sat, 13 May 2017 07:00:00 GMT, for example, indicates that the cached resource expires on May 13, 2017 at 7:00 a.m. GMT. When a Cache-Control header with a max-age directive is present, the Expires header is ignored.
  • ETag — A response header that identifies the version of the served content with a token (a string of characters surrounded by quotes, such as "675af34563dc-tr34") that changes whenever the resource is updated. If the token is still unchanged when the browser revalidates its copy, the browser continues to use its local version instead of downloading the resource again.
  • Vary — A header that lists the request headers whose values must match before a cached response may be reused. The header Vary: Accept-Language, User-Agent, for example, means that a separate cached version must exist for each combination of user agent and language.
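As an added example covering the ETag and Vary entries above (not code from the page or from ZOFixer), the script below simulates a browser cache: entries are keyed by the values of the request headers named in Vary, a stale entry is revalidated by sending its token back in an If-None-Match request header, and the origin answers 304 Not Modified while the token still matches, which is the standard mechanism behind the ETag behaviour the page describes. The origin server, its ETag values and the fake clock are constructed for the example, and Vary is handed to the cache as a constructor argument rather than read from the response to keep the code short.

```python
"""Simulate a browser cache that keys entries by the Vary request headers and
revalidates stale entries with ETag / If-None-Match.

Hypothetical simulation written for this page; the origin is a constructed
stand-in, not a real server.
"""
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# An origin takes request headers and returns (status, response headers, body).
Origin = Callable[[Dict[str, str]], Tuple[int, Dict[str, str], bytes]]


@dataclass
class CachedResponse:
    body: bytes
    etag: str
    expires_at: float  # absolute clock time after which the copy is stale


class VaryAwareCache:
    """Cache whose entries are keyed by the values of the headers named in Vary."""

    def __init__(self, origin: Origin, vary: Tuple[str, ...], ttl: float,
                 clock: Callable[[], float] = time.time):
        self.origin = origin
        self.vary = tuple(name.lower() for name in vary)  # e.g. ("accept-language", "user-agent")
        self.ttl = ttl            # freshness lifetime in seconds (what max-age would provide)
        self.clock = clock        # injectable so a test can advance time deterministically
        self.entries: Dict[Tuple[str, ...], CachedResponse] = {}
        self.origin_requests = 0  # counts how often the network was actually used

    def _key(self, request_headers: Dict[str, str]) -> Tuple[str, ...]:
        lowered = {k.lower(): v for k, v in request_headers.items()}
        return tuple(lowered.get(name, "") for name in self.vary)

    def fetch(self, request_headers: Dict[str, str]) -> Tuple[str, bytes]:
        """Return (outcome, body); outcome is 'fresh-hit', 'revalidated' or 'miss'."""
        key = self._key(request_headers)
        entry = self.entries.get(key)
        now = self.clock()
        if entry is not None and now < entry.expires_at:
            return "fresh-hit", entry.body          # no network traffic at all

        req = dict(request_headers)
        if entry is not None:
            req["If-None-Match"] = entry.etag       # conditional request carrying the stored token
        self.origin_requests += 1
        status, resp_headers, body = self.origin(req)

        if status == 304 and entry is not None:
            entry.expires_at = now + self.ttl       # token unchanged: keep the local copy
            return "revalidated", entry.body

        self.entries[key] = CachedResponse(body, resp_headers["ETag"], now + self.ttl)
        return "miss", body                          # new or changed content was downloaded


def make_origin(state: Dict[str, str]) -> Origin:
    """Constructed origin whose content version is state['etag'] and whose body
    depends on Accept-Language (the reason it would send Vary: Accept-Language)."""
    def origin(req: Dict[str, str]) -> Tuple[int, Dict[str, str], bytes]:
        lowered = {k.lower(): v for k, v in req.items()}
        if lowered.get("if-none-match") == state["etag"]:
            return 304, {"ETag": state["etag"]}, b""
        lang = lowered.get("accept-language", "en")
        return 200, {"ETag": state["etag"]}, f"hello ({lang}) {state['etag']}".encode()
    return origin


def demo() -> Tuple[List[str], int]:
    """Walk through a fresh hit, a Vary miss, an ETag revalidation and a content change."""
    now = [1000.0]                                   # fake clock
    state = {"etag": '"v1"'}
    cache = VaryAwareCache(make_origin(state), vary=("Accept-Language",), ttl=120,
                           clock=lambda: now[0])
    outcomes = []
    outcomes.append(cache.fetch({"Accept-Language": "en"})[0])  # miss: first request
    outcomes.append(cache.fetch({"Accept-Language": "en"})[0])  # fresh-hit: within ttl
    outcomes.append(cache.fetch({"Accept-Language": "de"})[0])  # miss: different Vary key
    now[0] += 200                                                # both copies are now stale
    outcomes.append(cache.fetch({"Accept-Language": "en"})[0])  # revalidated: 304, same ETag
    state["etag"] = '"v2"'                                       # content is updated on the origin
    now[0] += 200
    outcomes.append(cache.fetch({"Accept-Language": "en"})[0])  # miss: ETag changed, 200 + new body
    return outcomes, cache.origin_requests


if __name__ == "__main__":
    print(demo())
```

The demo's counter shows that five fetches cost four origin requests, and only two of those transferred a body; the revalidation round trip exchanged nothing but the token.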

The ZOFixer.com security scan helps find this vulnerability in your software and server; you can use it by registering on our website and activating the 30-day trial.
